Strip markdown from all og:description meta tags

This commit strips markdown from og:description meta tags by providing
page_description with the HTML-rendered version of the page's
description. The end result is that og:description is rendered with a
plain version of the text, because page_description strips out HTML.

app/views/layouts/group.html.haml

 - page_title       @group.name
-- page_description @group.description  unless page_description
+- page_description @group.description_html unless page_description
 - header_title     group_title(@group)     unless header_title
 - nav "group"
 - display_subscription_banner!

app/views/layouts/project.html.haml

 - page_title       @project.full_name
-- page_description @project.description    unless page_description
+- page_description @project.description_html unless page_description
 - header_title     project_title(@project)   unless header_title
 - nav              "project"
 - display_subscription_banner!

app/views/projects/issues/show.html.haml

@@ -2,7 +2,7 @@
 - add_to_breadcrumbs _("Issues"), project_issues_path(@project)
 - breadcrumb_title @issue.to_reference
 - page_title           "#{@issue.title} (#{@issue.to_reference})", _("Issues")
-- page_description     @issue.description
+- page_description     @issue.description_html
 - page_card_attributes @issue.card_attributes
 - if @issue.relocation_target
   - page_canonical_link @issue.relocation_target.present(current_user: current_user).web_url

app/views/projects/merge_requests/show.html.haml

@@ -3,7 +3,7 @@
 - add_to_breadcrumbs _("Merge Requests"), project_merge_requests_path(@project)
 - breadcrumb_title @merge_request.to_reference
 - page_title "#{@merge_request.title} (#{@merge_request.to_reference})", _("Merge Requests")
-- page_description @merge_request.description
+- page_description @merge_request.description_html
 - page_card_attributes @merge_request.card_attributes
 - suggest_changes_help_path = help_page_path('user/discussions/index.md', anchor: 'suggest-changes')
 - number_of_pipelines = @pipelines.size

app/views/projects/milestones/show.html.haml

 - add_to_breadcrumbs _('Milestones'), project_milestones_path(@project)
 - breadcrumb_title @milestone.title
 - page_title       @milestone.title, _('Milestones')
-- page_description @milestone.description
+- page_description @milestone.description_html
 - add_page_specific_style 'page_bundles/milestone'
 
 = render 'shared/milestones/header', milestone: @milestone

app/views/users/show.html.haml

@@ -2,7 +2,7 @@
 - @hide_breadcrumbs = true
 - @no_container = true
 - page_title       @user.blocked? ? s_('UserProfile|Blocked user') : @user.name
-- page_description @user.bio
+- page_description @user.bio_html
 - header_title     @user.name, user_path(@user)
 - link_classes = "flex-grow-1 mx-1 "
 

changelogs/unreleased/nfriend-strip-markdown-from-og-description.yml

+---
+title: Strip markdown from og:description meta tags
+merge_request: 42918
+author:
+type: added

ee/app/views/groups/epics/show.html.haml

@@ -13,7 +13,7 @@
 - breadcrumb_title epic_reference
 
 - page_title           "#{@epic.title} (#{epic_reference})", _("Epics")
-- page_description     @epic.description
+- page_description     @epic.description_html
 
 - page_card_attributes @epic.card_attributes
 

ee/spec/features/epics/epic_show_spec.rb

@@ -14,7 +14,7 @@ RSpec.describe 'Epic show', :js do
 
   let_it_be(:markdown) do
     <<-MARKDOWN.strip_heredoc
-    Lorem ipsum dolor sit amet, consectetur adipiscing elit.
+    **Lorem** _ipsum_ dolor sit [amet](https://example.com), consectetur adipiscing elit.
     Nos commodius agimus.
     Ex rebus enim timiditas, non ex vocabulis nascitur.
     Ita prorsus, inquam; Duo Reges: constructio interrete.
@@ -116,6 +116,8 @@ RSpec.describe 'Epic show', :js do
   end
 
   describe 'Epic metadata' do
+    it_behaves_like 'page meta description', 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nos commodius agimus. Ex rebus enim timiditas, non ex vocabulis nascitur. Ita prorsus, inquam; Duo...'
+
     it 'shows epic status, date and author in header' do
       page.within('.epic-page-container .detail-page-header-body') do
         expect(find('.issuable-status-box > span')).to have_content('Open')
@@ -127,7 +129,7 @@ RSpec.describe 'Epic show', :js do
     it 'shows epic title and description' do
       page.within('.epic-page-container .detail-page-description') do
         expect(find('.title-container .title')).to have_content(epic_title)
-        expect(find('.description .md')).to have_content(markdown.squish)
+        expect(find('.description .md')).to have_content('Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nos commodius agimus. Ex rebus enim timiditas, non ex vocabulis nascitur. Ita prorsus, inquam; Duo Reges: constructio interrete.')
       end
     end
 

spec/features/groups/show_spec.rb

@@ -184,4 +184,17 @@ RSpec.describe 'Group show page' do
       expect(page).to have_selector('.notifications-btn.disabled', visible: true)
     end
   end
+
+  context 'page og:description' do
+    let(:group) { create(:group, description: '**Lorem** _ipsum_ dolor sit [amet](https://example.com)') }
+    let(:maintainer) { create(:user) }
+
+    before do
+      group.add_maintainer(maintainer)
+      sign_in(maintainer)
+      visit path
+    end
+
+    it_behaves_like 'page meta description', 'Lorem ipsum dolor sit amet'
+  end
 end

spec/features/issues/user_views_issue_spec.rb

@@ -5,7 +5,7 @@ require "spec_helper"
 RSpec.describe "User views issue" do
   let_it_be(:project) { create(:project_empty_repo, :public) }
   let_it_be(:user) { create(:user) }
-  let_it_be(:issue) { create(:issue, project: project, description: "# Description header", author: user) }
+  let_it_be(:issue) { create(:issue, project: project, description: "# Description header\n\n**Lorem** _ipsum_ dolor sit [amet](https://example.com)", author: user) }
   let_it_be(:note) { create(:note, noteable: issue, project: project, author: user) }
 
   before_all do
@@ -20,6 +20,8 @@ RSpec.describe "User views issue" do
 
   it { expect(page).to have_header_with_correct_id_and_link(1, "Description header", "description-header") }
 
+  it_behaves_like 'page meta description', ' Description header Lorem ipsum dolor sit amet'
+
   it 'shows the merge request and issue actions', :aggregate_failures do
     expect(page).to have_link('New issue')
     expect(page).to have_button('Create merge request')

spec/features/merge_request/user_sees_page_metadata_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Merge request > User sees page metadata' do
+  let(:merge_request) { create(:merge_request, description: '**Lorem** _ipsum_ dolor sit [amet](https://example.com)') }
+  let(:project) { merge_request.target_project }
+  let(:user) { project.creator }
+
+  before do
+    project.add_maintainer(user)
+    sign_in(user)
+    visit project_merge_request_path(project, merge_request)
+  end
+
+  it_behaves_like 'page meta description', 'Lorem ipsum dolor sit amet'
+end

spec/features/milestones/user_views_milestone_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe "User views milestone" do
   let_it_be(:user) { create(:user) }
   let_it_be(:group) { create(:group) }
   let_it_be(:project) { create(:project, :repository, group: group) }
-  let_it_be(:milestone) { create(:milestone, project: project) }
+  let_it_be(:milestone) { create(:milestone, project: project, description: '**Lorem** _ipsum_ dolor sit [amet](https://example.com)') }
   let_it_be(:labels) { create_list(:label, 2, project: project) }
 
   before_all do
@@ -17,6 +17,14 @@ RSpec.describe "User views milestone" do
     sign_in(user)
   end
 
+  context 'page description' do
+    before do
+      visit(project_milestone_path(project, milestone))
+    end
+
+    it_behaves_like 'page meta description', 'Lorem ipsum dolor sit amet'
+  end
+
   it "avoids N+1 database queries" do
     issue_params = { project: project, assignees: [user], author: user, milestone: milestone, labels: labels }.freeze
 

spec/features/projects_spec.rb

@@ -99,6 +99,15 @@ RSpec.describe 'Project' do
         expect(page).to have_css('.home-panel-description .is-expanded')
       end
     end
+
+    context 'page description' do
+      before do
+        project.update_attribute(:description, '**Lorem** _ipsum_ dolor sit [amet](https://example.com)')
+        visit path
+      end
+
+      it_behaves_like 'page meta description', 'Lorem ipsum dolor sit amet'
+    end
   end
 
   describe 'project topics' do

spec/features/users/show_spec.rb

@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe 'User page' do
   include ExternalAuthorizationServiceHelpers
 
-  let(:user) { create(:user) }
+  let(:user) { create(:user, bio: '**Lorem** _ipsum_ dolor sit [amet](https://example.com)') }
 
   context 'with public profile' do
     it 'shows all the tabs' do
@@ -174,4 +174,12 @@ RSpec.describe 'User page' do
       end
     end
   end
+
+  context 'page description' do
+    before do
+      visit(user_path(user))
+    end
+
+    it_behaves_like 'page meta description', 'Lorem ipsum dolor sit amet'
+  end
 end

spec/support/shared_examples/features/page_description_shared_examples.rb

+# frozen_string_literal: true
+
+RSpec.shared_examples 'page meta description' do |expected_description|
+  it 'renders the page with description, og:description, and twitter:description meta tags that contains a plain-text version of the markdown', :aggregate_failures do
+    %w(name='description' property='og:description' property='twitter:description').each do |selector|
+      expect(page).to have_selector("meta[#{selector}][content='#{expected_description}']", visible: false)
+    end
+  end
+end